This exploit allows an attacker to upload a malicious file to a vulnerable WordPress website. The attacker can then execute arbitrary code on the server. This vulnerability is related to CVE-2020-5777.
This module exploits a PHP unserialize() vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST endpoint. As per SA-CORE-2019-003, the initial remediation was to disable POST, PATCH, and PUT, but Ambionics discovered that GET was also vulnerable (albeit cached). Cached nodes can be exploited only once. Drupal updated SA-CORE-2019-003 with PSA-2019-02-22 to notify users of this alternate vector. Drupal < 8.5.11 and < 8.6.10 are vulnerable.
KADOS (KAnban Dashboard for Online Scrum) is a web-based tool for managing Scrum projects. An attacker can exploit a SQL injection vulnerability in the 'menu_lev1' parameter of the Kados R10 GreenBee application. The attacker can send malicious payloads to the vulnerable parameter and execute arbitrary SQL commands in the backend database.
The use of getpidcon() in Android is fundamentally unsafe and can lead to a race condition vulnerability. This vulnerability was reported in four bugs in Android, which were caused by the use of getpidcon(). The bulletin entry for bug 1404 points to three commits, one of which is intended to reduce the size of the race window, but does not address the actual issue.
It is possible for userspace on a normal distro to map virtual address 0, which on an X86 system without SMAP enables the exploitation of kernel NULL pointer dereferences. The problem is in the code path mem_write -> mem_rw -> access_remote_vm -> __access_remote_vm -> get_user_pages_remote -> __get_user_pages_locked -> __get_user_pages -> find_extend_vma. Then, if the VMA in question has the VM_GROWSDOWN flag set: expand_stack -> expand_downwards -> security_mmap_addr -> cap_mmap_addr. This, if the address is below dac_mmap_min_addr, does a capability check against current_cred(), which are the creds of the task doing the write(), not the creds of the task whose VMA is being changed.
Stored XSS occurs when a web application gathers input from a user that might be malicious, and then stores that input in a data store for later use. The stored input is not correctly filtered. As a consequence, the malicious data will appear to be part of the web site and run within the user's browser under the privileges of the web application.
An XSS vulnerability has been discovered in the Bolt CMS web application, version 3.6.4, due to a flaw in its source code. An attacker can exploit this vulnerability by sending a malicious HTTP POST request to the vulnerable application.
A directory traversal and local file inclusion vulnerability in the FPProducerInternetServer.exe service/utility in Ricoh MarcomCentral's (formerly PTI Marketing) FusionPro VDP Creator allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, access to common files that contain plaintext credentials, and possibly remote code execution. Exploiting this vulnerability is extremely simple. This could be done from a browser like Firefox. Simply navigate to the affected host (e.g. http://<host.domain.tld>:<port#>/Windows/System32/drivers/etc/hosts). No slash-dot-dots (/../..) are required, but you can add some if you want. Note that the slashes are forward slashes! By default, the service sets up a listener on port 8080.
Due to the absence of a CSRF token in the request, attackers can forge the POST request and insert malicious code into the template file, which leads to dynamic code evaluation.
This exploit allows an attacker to upload a malicious app to Splunk Enterprise 7.2.4, which can be used to execute arbitrary code on the target system.